During my days as an actual telco risk manager there were recurring difficulties whenever risks had to be explained to important people who had no understanding of networks. They can empathize with users of networks, because they know what it is like to be a user, but that cannot empathize with providers of network services, because they cannot conceive of the challenges that providers face. This is a genuine issue with executives, despite the fact they are supposed to be managing businesses that are built around the use of networks. I imagine something similar occurs in the minds of teachers when they talk to parents, because everybody knows what it is like to be in school, but fewer have taught a class. And I know something analogous occurs with people who run websites, because of the advice I get from people who think about the web like they think about television or newspapers — as something they like to receive, not something they have ever produced. So today I will briefly shift the emphasis from whether somebody agrees or disagrees with the words published on this website to the work that needs to go into making these words available without allowing them to become subject to the censorious whims of social media companies. As much as I oppose social media censors, I must admit there are even worse would-be censors who seek to dominate the internet. Those people are commonly referred to as hackers.
Regular visitors may have noticed this website running slowly a few months ago. They may have even been asked to perform a test that seeks to verify if they are human. This eventually became necessary because Commsrisk was coming under increasing attack. On March 28, a massive attack persisted for approximately an hour before our team was able to react. The hackers’ goal was to gain access to the administration interface for the website. The website remained visible to ordinary visitors during this interval, but with a significant lag in how long pages took to load. Our team responded by enhancing the blocking of IP addresses used by the hackers.
We did not appreciate until later that there had been a growing number of attacks on Commsrisk in the weeks preceding the assault of March 28. It is not unusual for websites to be tested by hackers who attempt to gain access using the most obvious default passwords and usernames. That is a daily occurrence and gets treated as just another overhead. We had not observed a pattern where it appeared that hackers were ramping up their efforts, particularly on March 17 and then to an even greater extent on March 21. The number of attacks then fell below normal for several days before the events of March 28, when the load created by hackers during a single hour was double the cumulative load hackers had created for us across the previous 30 days.
The physical locations of the IP addresses used to attack this website were distributed across 135 different countries. The USA is home to the greatest share of the IP addresses that were used for this attack, 18 percent, followed by 12 percent from India and 5 percent from Russia. However, IP addresses in France did the most work during the attack. 72 percent of the hacking attempts originated on French IP addresses, followed by 7 percent from Germany and 6 percent from the USA.
Some of the attempted intrusions came from a well-known botnet that attacks many other websites on a daily basis. However, this represented under 5 percent of all the attempts to log into Commsrisk during the attack. The distribution of malicious activity over time, and the details of the attack on March 28 suggests the background noise created by daily hacking attempts meant we did not promptly identify the risk of a different party that was specifically probing our defenses.
We are working to keep speech free. To put that into perspective, let me observe that some of our readers do not like Elon Musk, whilst others do not like Mark Zuckerberg. I find the censors on LinkedIn to be worse than any working for the internet billionaires that fill the public imagination, but the topic of the worst social network can be left for another day. What matters is that keeping speech free does not come free of charge. It may seem free if you post some words you like to a social network, but what really happened is that you let somebody else cover the cost of keeping those servers online in exchange for allowing them and their algorithms to decide if anyone will see what you wrote. That may appear to be freedom, but it is only the freedom of an animal that never presses its nose against the bars of its cage. It is not the right kind of freedom if you believe there is sometimes a need to criticize the people who want to control what the rest of us can see.
The freedom to criticize comes at a cost, and is borne by the small team that keeps this site running, with thanks to the financial contribution made by our advertisers. The cost has been going up, both because of the increased popularity of this website, and the amount of duress created by hackers. We are not introducing charges for this content, and we never will, but if you want us to keep rising to the challenge then please do us a favor. Let others know that you read Commsrisk. We provide information of a type you will not find on television, or printed in newspapers, or even published by other websites, and we do it on a shoestring budget compared to the people who compete with us for attention. Not everybody understands how networks function, or the risks they face, but not everybody needs to. We need you to want Commsrisk, because there are plenty who are trying to stop us.



